You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
it seems the scxagent-logrotate selinux module is uninstalled after upgrading.
You need to change a lot of the postun scriptlet and put it into the if clause that is not being executed during update
Postuninstall from scx-1.6.6-0.x86_64
postuninstall scriptlet (using /bin/sh):
#!/bin/sh
# If we're called for upgrade, don't do anything
if [ "$1" -ne 1 ]; then
# Check if port 1270 is open
/opt/omi/bin/omiconfigeditor httpsport -q 1270 < /etc/opt/omi/conf/omiserver.conf > /dev/null 2>&1
if [ $? -eq 0 ]; then
touch /etc/opt/microsoft/scx/conf/scxagent-enable-port
# Remove port 1270 from the list of ports that OMI will listen on
/opt/omi/bin/omiconfigeditor httpsport -r 1270 < /etc/opt/omi/conf/omiserver.conf > /etc/opt/omi/conf/omiserver.conf_temp
mv /etc/opt/omi/conf/omiserver.conf_temp /etc/opt/omi/conf/omiserver.conf
fi
fi
# Clean up logrotate
rm -f /etc/logrotate.d/scxagent
rm -f /etc/cron.d/scxagent
DeleteSoftLinkToSudo() {
if [ -L /etc/opt/microsoft/scx/conf/sudodir ]; then
LINKED_DIR=`(cd /etc/opt/microsoft/scx/conf/sudodir ; pwd -P)`
[ x${LINKED_DIR} = x/usr/bin ] && rm /etc/opt/microsoft/scx/conf/sudodir
fi
}
DeleteSoftLinkToTmpDir() {
if [ -L /etc/opt/microsoft/scx/conf/tmpdir ]; then
LINKED_DIR=`(cd /etc/opt/microsoft/scx/conf/tmpdir ; pwd -P)`
[ x${LINKED_DIR} = x/tmp ] && rm /etc/opt/microsoft/scx/conf/tmpdir
fi
}
/opt/omi/bin/service_control reload
# If we're called for upgrade, don't do anything
if [ "$1" -ne 1 ]; then
DeleteSoftLinkToSudo
DeleteSoftLinkToTmpDir
fi
if [ -e /usr/sbin/semodule ]; then
if [ ! -z "$(/usr/sbin/semodule -l | grep scxagent-logrotate)" ]; then
echo "Removing selinux policy module for scxagent-logrotate ..."
/usr/sbin/semodule -r scxagent-logrotate
fi
fi
exit 0
I think this needs to go into the if clause that is not being executed during upgrade:
# Clean up logrotate
rm -f /etc/logrotate.d/scxagent
rm -f /etc/cron.d/scxagent
if [ -e /usr/sbin/semodule ]; then
if [ ! -z "$(/usr/sbin/semodule -l | grep scxagent-logrotate)" ]; then
echo "Removing selinux policy module for scxagent-logrotate ..."
/usr/sbin/semodule -r scxagent-logrotate
fi
fi
Reproducer (copied from other issue):
have a system without omi/scx
$ dnf install omi scx
Last metadata expiration check: 1:22:15 ago on Thu 11 Feb 2021 02:11:10 PM UTC.
Dependencies resolved.
=====================================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=====================================================================================================================================================================================================================================================================================
Installing:
omi x86_64 1.6.6-0 packages-microsoft-com-prod 1.8 M
scx x86_64 1.6.6-0 packages-microsoft-com-prod 2.0 M
Transaction Summary
=====================================================================================================================================================================================================================================================================================
Install 2 Packages
Total download size: 3.8 M
Installed size: 11 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): scx-1.6.6-0.universal.x64.rpm 9.6 MB/s | 2.0 MB 00:00
(2/2): omi-1.6.6-0.ssl_110.ulinux.x64.rpm 8.5 MB/s | 1.8 MB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 17 MB/s | 3.8 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: omi-1.6.6-0.x86_64 1/2
Creating omi group ...
Creating omi service account ...
Installing : omi-1.6.6-0.x86_64 1/2
Running scriptlet: omi-1.6.6-0.x86_64 1/2
************************************************************
* Warning: The certificate and keyfile were not generated *
* since they already exist. *
************************************************************
2021-02-11 15:33:30 : Crontab not configured to update omi keytab automatically. Skip unconfigure
ktutil not found
Checking if cron is installed...
Checking if cron/crond service is started...
Set up a cron job to OMI logrotate every 15 minutes
System appears to have SELinux installed, attempting to install selinux policy module for logrotate
Trying /usr/share/selinux/packages/omi-selinux/omi-logrotate.pp ...
Trying /usr/share/selinux/packages/omi-selinux/omi-selinux.pp ...
Labeling omi log files ...
Configuring OMI service ...
Created symlink /etc/systemd/system/multi-user.target.wants/omid.service → /usr/lib/systemd/system/omid.service.
Trying to start omi with systemctl
omi is started.
Running scriptlet: scx-1.6.6-0.x86_64 2/2
Installing : scx-1.6.6-0.x86_64 2/2
Running scriptlet: scx-1.6.6-0.x86_64 2/2
Trying to stop omi with systemctl
omi is stopped.
Trying to start omi with systemctl
omi is started.
System appears to have SELinux installed, attempting to install selinux policy module for logrotate
Trying /usr/share/selinux/packages/scxagent-logrotate/scxagent-logrotate.pp ...
Verifying : omi-1.6.6-0.x86_64 1/2
Verifying : scx-1.6.6-0.x86_64 2/2
Installed products updated.
Installed:
omi-1.6.6-0.x86_64 scx-1.6.6-0.x86_64
Complete!
$ dnf reinstall scx omi
Last metadata expiration check: 1:24:46 ago on Thu 11 Feb 2021 02:11:10 PM UTC.
Dependencies resolved.
=====================================================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=====================================================================================================================================================================================================================================================================================
Reinstalling:
omi x86_64 1.6.6-0 packages-microsoft-com-prod 1.8 M
scx x86_64 1.6.6-0 packages-microsoft-com-prod 2.0 M
Transaction Summary
=====================================================================================================================================================================================================================================================================================
Total download size: 3.8 M
Installed size: 11 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): scx-1.6.6-0.universal.x64.rpm 12 MB/s | 2.0 MB 00:00
(2/2): omi-1.6.6-0.ssl_110.ulinux.x64.rpm 10 MB/s | 1.8 MB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 21 MB/s | 3.8 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: omi-1.6.6-0.x86_64 1/4
Unconfiguring omid (systemd) service ...
Removed /etc/systemd/system/multi-user.target.wants/omid.service.
Reinstalling : omi-1.6.6-0.x86_64 1/4
Running scriptlet: omi-1.6.6-0.x86_64 1/4
************************************************************
* Warning: The certificate and keyfile were not generated *
* since they already exist. *
************************************************************
omi already configured
2021-02-11 15:36:02 : Crontab not configured to update omi keytab automatically. Skip unconfigure
ktutil not found
Checking if cron is installed...
Checking if cron/crond service is started...
Set up a cron job to OMI logrotate every 15 minutes
System appears to have SELinux installed, attempting to install selinux policy module for logrotate
Trying /usr/share/selinux/packages/omi-selinux/omi-logrotate.pp ...
Trying /usr/share/selinux/packages/omi-selinux/omi-selinux.pp ...
Labeling omi log files ...
Configuring OMI service ...
Created symlink /etc/systemd/system/multi-user.target.wants/omid.service → /usr/lib/systemd/system/omid.service.
Trying to start omi with systemctl
omi is started.
Running scriptlet: scx-1.6.6-0.x86_64 2/4
Reinstalling : scx-1.6.6-0.x86_64 2/4
Running scriptlet: scx-1.6.6-0.x86_64 2/4
Trying to stop omi with systemctl
omi is stopped.
Trying to start omi with systemctl
omi is started.
System appears to have SELinux installed, attempting to install selinux policy module for logrotate
Trying /usr/share/selinux/packages/scxagent-logrotate/scxagent-logrotate.pp ...
Running scriptlet: scx-1.6.6-0.x86_64 3/4
Cleanup : scx-1.6.6-0.x86_64 3/4
Running scriptlet: scx-1.6.6-0.x86_64 3/4
Trying to stop omi with systemctl
omi is stopped.
Trying to start omi with systemctl
omi is started.
Removing selinux policy module for scxagent-logrotate ...
libsemanage.semanage_direct_remove_key: Removing last scxagent-logrotate module (no other scxagent-logrotate module exists at another priority).
Running scriptlet: omi-1.6.6-0.x86_64 4/4
Cleanup : omi-1.6.6-0.x86_64 4/4
Running scriptlet: omi-1.6.6-0.x86_64 4/4
Removing selinux policy module for omi-logrotate ...
libsemanage.semanage_direct_remove_key: Removing last omi-logrotate module (no other omi-logrotate module exists at another priority).
Verifying : omi-1.6.6-0.x86_64 1/4
Verifying : omi-1.6.6-0.x86_64 2/4
Verifying : scx-1.6.6-0.x86_64 3/4
Verifying : scx-1.6.6-0.x86_64 4/4
Installed products updated.
Reinstalled:
omi-1.6.6-0.x86_64 scx-1.6.6-0.x86_64
Complete!
$ semodule -l|grep -E 'scx|omi'
omi-selinux
Greetings
Klaas
The text was updated successfully, but these errors were encountered:
Hi,
cross linked from microsoft/omi/issues/680 -- hope I found the right github repository
it seems the scxagent-logrotate selinux module is uninstalled after upgrading.
You need to change a lot of the postun scriptlet and put it into the if clause that is not being executed during update
Postuninstall from scx-1.6.6-0.x86_64
I think this needs to go into the if clause that is not being executed during upgrade:
Reproducer (copied from other issue):
have a system without omi/scx
Greetings
Klaas
The text was updated successfully, but these errors were encountered: